[Openswan Users] can't establish VPN with WIN2K

alvin alvin at realtek.com.tw
Tue Apr 20 10:19:02 CEST 2004 



Subnet-to-Subnet configuration : Win2000-to-Freeswan (PSK).

Hello All,

I am trying to  establish a NET -NET VPN from WIN2K and openswan-1.0.1.
The following is the configuration and log.
The connection seems been established, but host-B can't ping host-A.
If you have any idea, please let me know.
Thanks.

Alvin

                            LINUX-9.0         tunnel            WIN2K 
     host-B ----------OPENSWAN-gateway ==================      Gateway   -------------------- host-A
192.168.5.133    192.168.5.254   172.19.35.150      172.19.35.200   192.168.1.254      192.168.1.100

conn psk-gw
        authby=secret
        left=172.19.35.150
        leftnexthop=172.19.35.200
       rightsubnet=192.168.5.0/24
        right=172.19.35.200
        rightnexthop=172.19.35.150
        rightsubnet=192.168.1.0/24
       auto=add





# ipsec auto --add  up psk-gw
Jan  1 03:47:46 pluto[858]: "psk-gw" #1: initiating Main Mode

104 "psk-gw" #1: STATE_MAIN_I1: initiate
Jan  1 03:47:46 pluto[858]: "psk-gw" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]

003 "psk-gw" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
Jan  1 03:47:47 pluto[858]: "psk-gw" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2

106 "psk-gw" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jan  1 03:47:47 pluto[858]: "psk-gw" #1: discarding duplicate packet; already STATE_MAIN_I2

003 "psk-gw" #1: discarding duplicate packet; already STATE_MAIN_I2
Jan  1 03:47:48 pluto[858]: "psk-gw" #1: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 860000 usec

003 "psk-gw" #1: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 860000 usec
Jan  1 03:47:48 pluto[858]: "psk-gw" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3

108 "psk-gw" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jan  1 03:47:49 pluto[858]: "psk-gw" #1: discarding duplicate packet; already STATE_MAIN_I3

003 "psk-gw" #1: discarding duplicate packet; already STATE_MAIN_I3
Jan  1 03:47:49 pluto[858]: "psk-gw" #1: Main mode peer ID is ID_IPV4_ADDR: '172.19.35.200'

Jan  1 03:47:49 pluto[858]: "psk-gw" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4

Jan  1 03:47:49 pluto[858]: "psk-gw" #1: ISAKMP SA established

004 "psk-gw" #1: STATE_MAIN_I4: ISAKMP SA established
Jan  1 03:47:49 pluto[858]: "psk-gw" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK

122 "psk-gw" #2: STATE_QUICK_I1: initiate
Jan  1 03:47:50 pluto[858]: "psk-gw" #1: discarding duplicate packet; already STATE_MAIN_I4

Jan  1 03:47:50 pluto[858]: "psk-gw" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag

Jan  1 03:47:50 pluto[858]: "psk-gw" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME

003 "psk-gw" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Jan  1 03:47:51 pluto[858]: "psk-gw" #2: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 850000 usec

003 "psk-gw" #2: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1024 took 850000 usec
Jan  1 03:48:01 pluto[858]: "psk-gw" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2

Jan  1 03:48:01 pluto[858]: "psk-gw" #2: sent QI2, IPsec SA established

Jan  1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag

004 "psk-gw" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
Jan  1 03:48:01 pluto[858]: "psk-gw" #2: retransmitting in response to duplicate packet; already STATE_QUICK_I2

Jan  1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag

# Jan  1 03:48:01 pluto[858]: "psk-gw" #2: retransmitting in response to duplicate packet; already STATE_QUICK_I2

Jan  1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag

Jan  1 03:48:01 pluto[858]: "psk-gw" #2: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2

Jan  1 03:48:01 pluto[858]: "psk-gw" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag

Jan  1 03:48:02 pluto[858]: "psk-gw" #2: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH).

Jan  1 03:48:02 pluto[858]: "psk-gw" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to 172.19.35.200:500

Jan  1 03:48:02 pluto[858]: "psk-gw" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag

Jan  1 03:48:02 pluto[858]: "psk-gw" #2: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH).

Jan  1 03:48:02 pluto[858]: "psk-gw" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to 172.19.35.200:500


# ipsec spi
tun0x100a at 172.19.35.200 IPIP: dir=out src=172.19.35.150 life(c,s,h)=addtime(105,0,0)
esp0xfb8da032 at 172.19.35.150 ESP_3DES_HMAC_MD5: dir=in  src=172.19.35.200 iv_bits
=64bits iv=0x556cd595fd5bcc1f ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)
=addtime(106,0,0)
esp0xf0fc7dbd at 172.19.35.200 ESP_3DES_HMAC_MD5: dir=out src=172.19.35.150 iv_bits
=64bits iv=0xdf4551ac23792b31 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)
=addtime(105,0,0)
tun0x1009 at 172.19.35.150 IPIP: dir=in  src=172.19.35.200 life(c,s,h)=addtime(106,0,0)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20040420/0d7eb4ea/attachment.htm

More information about the Users mailing list